1. Field of the Invention
This invention pertains in general to computer security and in particular to executing legacy computer programs within new security paradigms.
2. Description of the Related Art
Computer security has become increasingly important in recent times. Server computers that store confidential data, such as credit card numbers or medical records, must be protected from attempts by malicious attackers to obtain the data. Likewise, other computers such as home computers must be protected from malicious software such as viruses, worms, spyware, Trojan horse programs, and other similar threats that an end-user is likely to encounter when connected to the Internet. Modern operating systems, such as Unix, Linux, and MICROSOFT WINDOWS XP, incorporate security paradigms that are intended to protect the computers from malicious behaviors.
Until recently, computer security paradigms relied on the concept of “transitive security” to protect the computer. An end-user having a defined role is assigned a set of permissions by the operating system. All code executed by that user has the same set of permissions as the end-user. Transitive security can be problematic if an end-user having broad permissions executes malicious software because the malicious software will also have broad permissions.
Newer operating systems support paradigms that specify the permissions based at least in part on the code itself. Microsoft's new operating systems, for example, provide a feature called “.NET Security.” .NET Security is based on three aspects: 1) managed code; 2) role-based security; and 3) evidence-based security. Managed code is supervised by the operating system as it is executed to ensure that it does not perform any operations that exceed the scope of its permissions. Role-based security means that the code has permissions defined in part by the role of the end-user that executes the code. Under evidence-based security, the permissions of the code are determined in part by the trustworthiness of the end-user and/or code itself.
Code must be specially written to take advantage of the features of .NET Security. The operating systems execute legacy code not written for .NET Security in a “native” mode that relies on role-based transitive security. There is a large base of legacy code, and it is likely that much of the code will never be revised to utilize .NET Security. As a result, computers supporting .NET Security will likely execute a large amount of legacy code under a transitive security paradigm, with the attendant security risks. Therefore, there is a need in the art for a way to allow legacy code to take advantage of the security provided by .NET Security and other similar environments.